guestbook.php form sanitization
authorbochard <git@bochard.net>
Wed, 11 Feb 2026 09:53:46 +0000 (17:53 +0800)
committerbochard <git@bochard.net>
Wed, 11 Feb 2026 09:53:46 +0000 (17:53 +0800)
guestbook.php

index fa226f1fc99d9164e7a4a61990e6766b5cc9e944..cbba13e4d6a15599793fbe1c6bd196631acfa7c2 100644 (file)
                                                
                                                // entry submission
                                                if ($_SERVER["REQUEST_METHOD"] == "POST"){
-                                                       $name = $_POST['name'];
-                                                       $country = $_POST['country'];
-                                                       $website = $_POST['website'];
-                                                       $email = $_POST['email'];
-                                                       $comment = $_POST['comment'];
+                                                       $name = htmlspecialchars($_POST['name'], ENT_QUOTES, "UTF-8");
+                                                       $country = htmlspecialchars($_POST['country'], ENT_QUOTES, "UTF-8");
+                                                       $website = htmlspecialchars($_POST['website'], ENT_QUOTES, "UTF-8");
+                                                       $email = htmlspecialchars($_POST['email'], ENT_QUOTES, "UTF-8");
+                                                       $comment = htmlspecialchars($_POST['comment'], ENT_QUOTES, "UTF-8");
                                                        $ip_addr = $_SERVER['REMOTE_ADDR'];
                                                        
                                                        // query
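Review bot: The five `htmlspecialchars()` calls encode for HTML at the point of input, which does nothing for the statement that follows the `// query` comment; that statement is outside the hunk, so if it is assembled by string concatenation it still needs a prepared statement with bound parameters. Encoding before storage also ties the stored rows to a single output context and invites double-encoding later, so the usual arrangement is to store the submitted value as-is and call `htmlspecialchars(..., ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')` where the entry is printed. Entity-encoding does not restrict `$website` to an http(s) URL, which matters if the page later renders it as a link target; `filter_var($website, FILTER_VALIDATE_URL)` plus a scheme allow-list would cover that, and `FILTER_VALIDATE_EMAIL` does the same job for `$email`. A field sent as an array (`name[]=x`) raises a TypeError in these calls on PHP 8, so an `is_string()` check on each `$_POST` value before use is worth adding; the `if` block continues past the hunk.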